
Lynis is an open-source security auditing tool for checking the security of Linux and UNIX-based systems. Because it runs on the host itself, it can perform more extensive security scans than other vulnerability scanners. Lynis is released by CISOfy.

An important feature of Lynis is its opportunistic scanning, which means that it only scans for what it comes across. Say the system you are scanning has an Apache server running on it: Lynis will scan only for the vulnerabilities related to Apache. If, while doing so, it comes across an SSL/TLS configuration, only then will it scan for additional vulnerabilities, thus saving time. In short, it always performs a customized scan depending on the system.

Installation

Once downloaded, simply go into the folder and start by typing:

$ ./lynis

This will show us the various commands and options we can use with it:

To get further information, we can type:

$ ./lynis show options

Mainly, Lynis is used for the following purposes:

System hardening

Vulnerability detection and scanning

Security auditing

Compliance testing (PCI, HIPAA, SOx)

Additional plugins can be used to perform additional tests.

Running a Basic Scan

To run a basic scan on your system with Lynis, simply type:

$ ./lynis audit system

Note: Adding the --quick parameter lets Lynis run without any pauses, so we can work on other things while it scans.

Lynis will show us any important warnings that we might need to be aware of, as well as the location of the log files generated along with the report data.

How it works

It starts off by detecting the Operating System

It will then search for the available tools and utilities

It will check whether Lynis needs to be updated

It will run tests from enabled plugins

It will run relevant tests for each category

Finally, it will end by reporting the status of the scan

Sample of Log File

Sample of Report File


As you can see, Lynis includes impacts and suggestions (highlighted in blue) for anything that might be harmful to the system.

Running Specific Tests

Lynis also gives us the option to run specific tests on specific modules. However, we need to know the TEST ID of each test. To get it, we need a log file of a complete scan from which we can fetch the TEST IDs.

Here’s a list of the TEST ID prefixes (test categories) available in Lynis:

BOOT

KRNL (Kernel)

PROC (Processor)

AUTH (Authentication)

SHELL

FILE

STRG (Storage)

NAME (DNS)

PKGC (Packages)

NETW (Network)

PRNT (Printer)

MAIL

FIRE (Firewall)

HTTP (Web Server)

SSH

SNMP

DBS (Database)

PHP

LDAP

SQD (Squid Proxy)

LOGG (Logging)

INSE (Insecure Services – Inetd)

SCHD (Scheduling – Cron Jobs)

ACCT (Accounting)

TIME (Time Protocol – NTP)

CRYP (Cryptography)

VIRT (Virtualization)

HOME

HRDN (Hardening)

MALW (Malware)

MACF (AppArmor – SELinux)

By using a simple GREP command, we can fetch the relevant TEST ID from the log file and perform specific tests:

$ cat /var/log/lynis.log | grep MALW

Moreover, as we can see, it shows us all the TEST IDs associated with malware scanning along with what they do. Now if we want to check for Rootkit Hunter, we will simply run:

$ ./lynis --tests "MALW-3276"

We can also run multiple specific tests, say for Rootkit Hunter and LMD, with:

$ ./lynis --tests "MALW-3276 MALW-3278"

We can do this with different test modules as well.

We can also use the grep command to pull just the Warnings and Suggestions out of that long log file.

Updating Lynis

It is always recommended to keep your scanners up-to-date, and Lynis is not an exception to that. A simple command can help us to do the same:

$ ./lynis update info

Making a Cron Job

We can create a simple bash script and make it run Lynis on a daily basis and save its report so as to be extra careful:
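The two steps above, pulling out warnings and suggestions and running Lynis daily from cron, combined in one added example (not the article's own script). It reads the report data file rather than the log and assumes Lynis's default /var/log/lynis-report.dat with its warning[]= and suggestion[]= lines; the install path /usr/local/lynis, the archive directory, the function names and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. Assumed (overridable) paths: Lynis in
# /usr/local/lynis, report data in /var/log/lynis-report.dat, archive in /var/log/lynis.
LYNIS_DIR="${LYNIS_DIR:-/usr/local/lynis}"
REPORT_SRC="${REPORT_SRC:-/var/log/lynis-report.dat}"
ARCHIVE_DIR="${ARCHIVE_DIR:-/var/log/lynis}"

# Constructed sample of report-data lines: kind[]=TEST-ID|message|details|solution|
sample_report() {
    printf '%s\n' 'lynis_version=0.0.0' \
        'warning[]=MALW-3276|constructed warning text|-|-|' \
        'suggestion[]=AUTH-0000|constructed suggestion text|-|-|'
}

# Print "kind<TAB>TEST-ID<TAB>message" for every warning and suggestion in file $1.
findings() {
    awk -F'|' '/^(warning|suggestion)\[\]=/ {
        split($1, head, "=")            # head[1] = "warning[]", head[2] = TEST-ID
        sub(/\[\]$/, "", head[1])
        printf "%s\t%s\t%s\n", head[1], head[2], $2
    }' "$1" | sort -u
}

# Findings that are in report $2 but were not in the older report $1.
new_findings() {
    old=$(mktemp) && new=$(mktemp) || return 1
    findings "$1" > "$old"
    findings "$2" > "$new"
    comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Run the audit without pauses, archive today's report, print what changed.
daily_audit() {
    mkdir -p "$ARCHIVE_DIR" && chmod 700 "$ARCHIVE_DIR" || return 1
    previous=$(ls -1 "$ARCHIVE_DIR"/report-data.*.txt 2>/dev/null | tail -n 1)
    today="$ARCHIVE_DIR/report-data.$(date +%Y%m%d).txt"
    (cd "$LYNIS_DIR" && ./lynis audit system --cronjob) > "$ARCHIVE_DIR/last-run.out"
    mv "$REPORT_SRC" "$today" || return 1   # no report means the scan did not finish
    if [ -n "$previous" ] && [ "$previous" != "$today" ]; then
        new_findings "$previous" "$today"
    else
        findings "$today"
    fi
}

# Sourcing the file only defines the functions; cron calls it with "run".
if [ "${1:-}" = "run" ]; then daily_audit; fi
```

Saved under a name of your choice and called from root's crontab with the argument run, the script prints only the findings that were not in the previous archived report, so the mail cron sends stays short.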
